Hide security issues

This has become less of a problem for us in recent years, as I like to believe we’ve managed to discourage users from doing this, and thanks to the issue template stressing that security reports should not be posted publicly. Still, it would help if GitHub could allow us to hide reports that are filed with sensitive data in them. Sure, lots of people have already seen the data by then, but at least it would limit further damage. If we report users/posts as spam or abuse, GitHub themselves can remove issues and comments completely without a trace left, but it seems wrong to abuse that method for security-sensitive posts that are otherwise on-topic.

A security-related issue that is posted publicly could be made “hidden” until the issue has been responsibly disclosed.